Kaseya version 6.2.0.0 suffers from a cross site scripting vulnerability.
94d46d5b3ff9db9a3a7f354e7050e4cc448060e16567639091a8d43d990d8735HP Security Bulletin HPSBMU02764 SSRT100827 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. Revision 2 of this advisory.
309e442bfe4de81d1da4a903beb9bb3ce130e05b0ec3c99ada2e50debacf94afMiPagina CMS suffers from a persistent cross site scripting vulnerability.
9d02b5fadff60d5759cdfde9e6ed0b64cf47938e2d8a58757a12df221c5e7f03Script-KS CMS version 4.0.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
d486076affece3df4f59f5938f415775d25833b0d77deadbab0379fc53080d46JA-Programacao CMS suffers from cross site scripting and remote SQL injection vulnerabilities.
30075956396468eb5fde71170a88235f03609972eceff0ec3138e93c29c746f5Trend Joinery suffers from a remote SQL injection vulnerability.
a23643f86107ed4aa0e0abc338fff70496818785b962346a4e4027797827fc0aWaylu CMS suffers from cross site scripting and remote SQL injection vulnerabilities.
d27e4b5658eeaa6cb130c03ce140d393a29ff040c8f573e35a7cb95d41b34aa9Liferay Portal suffers from a takeover vulnerability due to a single HTTP request allowing an attacker to reconfigure which memcached to use. Proof of concept code included. Version 6.1 ce is confirmed vulnerable.
52363e44fb0da67d9da2ef19c482ca115b0e60ea50da8776e953b5d028b5ea91This Metasploit module exploits several vulnerabilities in Owncloud 3.0.1 and earlier in order to achieve code execution.
87b1af29e5351deb33c45527fe16c1c06e1dec6811c24b89956b28dfd2e2b93bUbuntu Security Notice 1400-5 - USN-1400-1 fixed vulnerabilities in Firefox. Firefox 11 started using GSettings to access the system proxy settings. If there is a GSettings proxy settings schema, Firefox will consume it. The GSettings proxy settings schema that was shipped by default was unused by other applications and broke Firefox's ability to use system proxy settings. This update removes the unused schema. Various other issues were also addressed.
07e1cf6fd8987b086263aacb60563d76b5fd0d0116bf4c2083136d6fc4896fd2Debian Linux Security Advisory 2455-1 - Helmut Hummel of the typo3 security team discovered that typo3, a web content management system, is not properly sanitizing output of the exception handler. This allows an attacker to conduct cross-site scripting attacks if either third-party extensions are installed that do not sanitize this output on their own or in the presence of extensions using the extbase MVC framework which accept objects to controller actions.
47c42962916e4199be3819f88b30e724d5de0dc112811ab11be528a7445fd133Debian Linux Security Advisory 2454-1 - Multiple vulnerabilities have been found in OpenSSL. Ivan Nestlerode discovered a weakness in the CMS and PKCS #7 implementations that could allow an attacker to decrypt data via a Million Message Attack (MMA). It was discovered that a NULL pointer could be dereferenced when parsing certain S/MIME messages, leading to denial of service. Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap overflow.
825c0a8ae8ea8fbf2a20faf45cd58f27b84d9a4a1fa4c787cb05063d8a84342eVermont Web Design suffers from a remote SQL injection vulnerability.
df0a4f4d910164bf6222aaea80a1419b254f1e39809f15338b5af3c612bceef1Secunia Security Advisory - A vulnerability has been discovered in the Download Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
21c5c47de8c72653177f65ab6af5cc82467a8b1be235930dff2d4911ca3bb43cSecunia Security Advisory - Multiple vulnerabilities have been reported in ReadyDesk, which can be exploited by malicious people to conduct script insertion attacks.
db69da7634774c7d34b6d0f9da83a9ad4c9d93e03f550b057209111e2ea4a086Secunia Security Advisory - luks has discovered a vulnerability in ownCloud, which can be exploited by malicious people to bypass certain security restrictions.
4be4fd05355b9bb508b48d89562fb04ac2962ce4d4025a666662151a53965451Secunia Security Advisory - A vulnerability has been reported in Oracle BI Publisher, which can be exploited by malicious people to manipulate certain data.
8cf1bcb5d2730d1a3057ee5066232ff2f2605a89ea1190e31f481827cfdd6269Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle PeopleSoft Enterprise PeopleTools, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system, and by malicious people to manipulate certain data.
ea141f72621fcdfedbdd4989709343ddfce2384857ccaa15c89fb90ce3c00efbSecunia Security Advisory - A vulnerability has been reported in Oracle PeopleSoft Human Capital Management, which can be exploited by malicious users to disclose potentially sensitive information.
8a6a90a23ae76e2eb39075f0588093d23a80a72cb05cea6b6cbef06e7af83c5cSecunia Security Advisory - A vulnerability has been reported in Oracle Identity Manager Connector for Database User Management, which can be exploited by malicious users to manipulate certain data.
5d4de1b8bdc2499c7b5da4f6ca7e8e1bd88337b6b5bc4484cffdd204af8ee9a3Secunia Security Advisory - Two vulnerabilities have been reported in Oracle Grid Engine, which can be exploited by malicious, local users to gain escalated privileges and by malicious users to compromise a vulnerable system.
9876c7286369b683052754c182e524ef1469ad87f1cbed3c1a7af87e306f915bGilbert Life suffers from a remote SQL injection vulnerability.
185a8845c7068f68e5c9a9498777f28fb2f62d57b17786b5199b27566a8701faPark Road suffers from a remote SQL injection vulnerability.
30cbce2f949fe51664142fd4f95a2c1a0e3769f1081c52f9b25692a7b0c5afe0OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
d3487e09d891c772cf946273a3bb0ca47479e7941be6d822274320e7cfcc361bA potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio. Affected users should upgrade to OpenSSL 1.0.1a, 1.0.0i or 0.9.8v.
19a189a52d6c63bf422db1606db5993ec020026350a0b59f7242e863b2d619ba
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed